1 minute read
1.3 What data and activities does the GDPR apply to?
from GDPR Guidance
Data should not be kept longer than needed. For example if the key contact of a fair trade group changes then you should delete the old contact information.
6. Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. You must be careful when managing personal data. For example, do not access personal data on a shared computer in a public library; do not store personal data on more devices than necessary; do not leave printed copies lying around. Do keep your personal devices as secure as possible.
Advertisement
If you are unsure about how you should be managing personal data as part of your role please contact the Volunteer Engagement Manager sally.seddon@shared-interest.com.
1.3 What data and activities does the GDPR apply to?
❖ Personal data
The GDPR outlines how personal data can be used. Personal data means any information relating to a living person who can be directly or indirectly identified by that information.
Personal data includes:
▪ Name (title, first name and surname) ▪ Postal address (full or partial e.g. postcode) ▪ Email address ▪ Telephone number (home or mobile) ▪ Membership number ▪ Online identifiers (such as IP address)
• Special categories of personal data
The GDPR also governs the use of sensitive personal data, which is now described as special categories of personal data - and there are stricter controls regulating the collection and use of this information. Sensitive personal data includes ethnicity, race, political affiliation, religion, union membership, health, sexual orientation etc.
Volunteers should not be handling special categories or sensitive data, so should not need to be familiar with these stricter controls.
❖ Data processing
The GDPR, like the Data Protection Act, is about how personal data can be processed. Data processing means:
✓ Collecting data ✓ Recording and holding data (electronically or in paper-based filing systems)
